QwikSec

Security Database

CVE

CWE

Training

CVE-2020-25654

Published: Nov 24, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Vendor	Product	Versions
n/a	pacemaker	affected `pacemaker 1.1.24-rc1, pacemaker 2.0.5-rc2`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1888191

https://seclists.org/oss-sec/2020/q4/83

https://lists.clusterlabs.org/pipermail/users/2020-October/027840.html

[debian-lts-announce] 20210106 [SECURITY] [DLA 2519-1] pacemaker security update

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.